Order from Chaos: Securing Your Software Defined Infrastructure
People are expected to work together to make cloud happen, yet, we did not all arrive at the same time or following the same path. Achieving security at scale, especially at the speed of cloud, requires an understanding of the people involved and what they care about.
Information Security professionals rarely have the luxury of stepping back and looking at what we are asked to secure and why. I am not talking about an after-action analysis or lessons-learned exercise. I'm talking about looking back before the incident, before the ask, before the tool choice and the policy; Looking all the way back to what changed and the cascade of events that put us in the situation we, as security professionals, are in.
Most of the time, we are asked to secure something long after it has been incubated, planned, marketed, and alpha and beta tested. Forced to attempt to secure something that has already started, playing catch-up on the infrastructure and hosting changes, new technology and vendors used, and new paths of data. Never being able to ask why, only ever able to just hang on. How did it get to this point and how do we fix it?
This multi-part blog will focus on how "Security" got to this point by also exploring AppDev's journey. How what we are asked to secure has changed, how we have changed yet stayed the same, and how we must evolve our thinking and approach to secure this new world of software defined infrastructure.